Ask Slashdot: Options For FOSS Remote Support Software?

Albanach writes "I'm sure I'm not alone in being asked to help friends and family with computer issues. These folk typically run Windows (everything from XP onward) or OS X (typically 10.4 onward). Naturally, desktop sharing is often much easier than trying to talk the other end through various steps. I've found free sites like join.me but they don't work with OS X 10.4, neither does the Chrome plugin. I'd also prefer not to compromise security by using a third party in the middle of the connection. Is there a good, free solution I can run on my linux box that supports old and new clients that run Windows, OS X and possibly linux? I'd love it if the users could simply bring their systems up to date, but that doesn't solve the third party issue and it's not easy when it requires a non-trivial RAM upgrade on a Mac Mini."

You've really never heard of VNC?

[Nimey]

Because that's what you want.

Re:You've really never heard of VNC?

[mrclisdue]

No offense intended, but I'm having a hard time understanding why anyone would be asking the submitter for computer advice.

Seriously.

cheers,

Re:You've really never heard of VNC?

[gmack]

The downside of VNC is that you need to create a hole in your firewall for it and you also must know the host name, that puts it a step down from things like logmein.com which I've used to repair windows laptops in cases where I don't control the firewall (in one case Iraq).

I also would be interested in something like that that I could control using my own server and happens to be cross platform.

Re:You've really never heard of VNC?

No offense intended, but I'm having a hard time understanding why anyone would be asking the submitter for computer advice.

Seriously.

cheers,

Well, you could ask the Slashdot editors.

Yes you can.

Why not?

Jeez.

OK already. Just take me out back and shoot me.

Re:You've really never heard of VNC?

you never heard of listen mode?

step 1) get yourself a short and easy to type dynamic dns name and keep it updated
step 2) punch a hole in your firewall/add a port forwarding rule to your router/whatever applies (even using upnp if you like it)
step 3) start the vnc client on your machine in listen mode
step 4) tell your friend/relative/client to install tightvnc (the free version) with all default options
step 5) tell your friend/relative/client to connect to your machine, it is a couple click and an address to enter (and maybe a password to set). you an easily guide them by phone in this step, or write a simple web page to show them how.

Re:You've really never heard of VNC?

What part of: does not control firewall did you not understand?

Re:You've really never heard of VNC?

Don't say "No offence intended" and "cheers" if you don't mean it. It's rude.

Cheers

Re:You've really never heard of VNC?

[Jah-Wren+Ryel]

You don't need to have control over the firewall if you only need an outgoing connection - that's what listen mode is.

Re:You've really never heard of VNC?

[binarylarry]

I don't mean to be a dick, but fuck you.

Re:You've really never heard of VNC?

You don't need to have control over the firewall if you only need an outgoing connection - that's what listen mode is.

From TFAC

step 2) punch a hole in your firewall/add a port forwarding rule to your router/whatever applies (even using upnp if you like it)

Re:You've really never heard of VNC?

[Nimey]

*Your* firewall. The one that you control on /your/ end. Not the remote user's firewall.

Re:You've really never heard of VNC?

[artor3]

Step down off that high horse of yours. Anyone who so much as knows how to copy & paste an error message into Google will get asked for computer advice. That is, unless they're so full of themselves that they look down on someone who happens not to know some random bit of knowledge. Those people will drive away anyone who might otherwise ask them for help.

Re:You've really never heard of VNC?

[hkrish4]

Teamviewer is much better than VNC. I love VNC. But lately Teamviewer is the one I prefer because of it's wonderful features.

Re:You've really never heard of VNC?

[gmack]

If I'm connected via wireless modem, I'm stuck behind the horrid telco firewall that blocks listening services. In this case logmein works but listening mode will not.

Re:You've really never heard of VNC?

[Albanach]

I'm the submitter. I presume your friends and relatives are stunningly more technically adept than mine.

I have personally been using VNC for over a decade. Judging by your /. uid, that's probably a good bit longer than you.

How about you take a moment to read the question. I'm looking for remote support software similar to join.me or the chrome plugin. That means the other end uses their browser, goes to the URL I give them and with as little other input as possible, I can share their desktop.

That does not describe VNC. I already have a vnc/ssh based solution. It's convoluted and yes, they find it difficult. Perhaps you've never assisted folk in their 70s with IT, but yes, for many, something that simple is difficult. It's difficult because it's unfamiliar. They use their web browser and they use email. That's what they know about their computer.

Now VNC may be part of the solution - indeed I would fully expect that. But not plain old vnc or a combination with SSH. The end user shouldn' t need to locate software, open firewall ports, execute shell scripts or type convoluted SSH commands.

Finally folk do, frequently ask me for advice. They do so for the simple reason that I try and give them a solution that meets their needs. That solution is not VNC or I wouldn't have posted the question. I think if you'd read the question rather than trying to get the first moral superiority post you might have realized that.

Re:You've really never heard of VNC?

[Nimey]

Then you need to have put that information into the original request instead of expecting us to read your mind.

Re:You've really never heard of VNC?

[Albanach]

Suggest you go back and reread the question. VNC or VNC + ssh does not come close to the service offered by join.me or the Google Chrome desktop sharing plugin.

I presume the question in your post title was rhetorical. In case it was not, I was using VNC for remote desktop control at least 13 years ago. I think I have a pretty good understanding of both its benefits and its shortcomings.

If you'd like to suggest ways - as others below helpfully have - to use the underlying technology of VNC, but also make it accessible to an inexperienced end user then I'd be delighted to hear your contribution to the discussion.

Re:You've really never heard of VNC?

[ThurstonMoore]

Teamviewer

Re:You've really never heard of VNC?

[stanlyb]

Ok, so, i have the VNC client, my friend has the VNC server, now, only if i could remember what his IP is.. and port..

Re:You've really never heard of VNC?

[adolf]

Before we start a dick measuring contest based on Slashdot UIDs:

First off, if you've got your users grabbing random (to them) software and slogging through a shell, you're doing it wrong. Whatever it is that you've got them doing is something that you've already failed to automate on their behalf.

Secondly, don't throw out the baby with the bathwater. It seems to me that if there were software in existence that worked just like VNC but in reverse, it would fit your important* requirements just fine.

Now, suppose this concept already existed, and had been in use for some years. How would you find such a thing? Nobody would be stupid enough to call it reverse VNC, would they?

But just to make sure, I googled reverse VNC and HOLY FUCK THERE IT IS!

*: Your requirement of running in a web browser is as ridiculous as your unstated requirement that it not be VNC.

Re:You've really never heard of VNC?

[Scutter]

Then you need to have put that information into the original request instead of expecting us to read your mind.

It was obvious to me that he was looking for something that wasn't VNC. I think Slashdot readers are generally so used to being highly technical that they forget that not everyone can (or wants to) roll their own solution from scratch. The users he's trying to support will certainly not have any expertise in activating a support session, or they wouldn't be calling for support to begin with. The solution, therefore, has to be as simple as possible. What he's looking for is something similar to Bomgar (which we use extensively), but is FOSS (which Bomgar most definitely is not).

Re:You've really never heard of VNC?

So where is it? The blog entry at the top of the google search you point to involves sending an executable and a dll to the customer. They then run software, set a password, input an ip address and then you get a connection.

Seriously? You think that compares to the many commercial tools that allow the user to open a web page, click to run a browser based app and that's it. And why would running a support session from a web browser be ridiculous? It's a technique used by almost every major IT firm i have worked with, even for things like Dell gold support on $10k Linux servers.

I mentioned the sort of things I was looking for in the original post. I'm sure it's technically possible to achieve with wrappers to VNC. Either I got different google results or your search doesn't answer the question.

Re:You've really never heard of VNC?

At this point low end box is probably the friend you need.

Re:You've really never heard of VNC?

How about you take a moment to read the question.

How about you re-read your own question. You didn't say jack shit that suggested VNC wasn't exactly what you were looking for.

I'm looking for remote support software similar to join.me or the chrome plugin.

You didn't say that either. You did mention those apps, but only to say they don't work for you (and you list an OS for which VNC will work for you).

That means the other end uses their browser, goes to the URL I give them and with as little other input as possible, I can share their desktop.

You didn't say anything even slightly like that in your submission. It's fine if you have arbitrary requirements like that, but you didn't mention them before, so don't be an asshole when someone suggests something that is a perfect fit for the question that you asked, but which didn't fit the secret question that was in your head.

I think if you'd read the question rather than trying to get the first moral superiority post you might have realized that.

He was a dick, but double dick on you. If you had written the question you wanted answered, instead of trying to get the first moral superiority reply, you might have gotten better answers.

Re:You've really never heard of VNC?

...and I've probably been running VNC longer than you and I don't even have a Slashdot UID! Amazing, it is as if a Slashdot UID is not mandatory at all.

Also, having a low UID by your own statement, you should know that a question which comes up as something that could have been solved by JFGI is not going to be well received here. Expect an answer, but also expect 95% of the comments to come from superior asshats. Feel free to include me in that category.

My biggest problem with the question is that it is clearly lacking in information:

Is there a good, free solution I can run on my linux box that supports old and new clients that run Windows, OS X and possibly linux?

Yes, VNC! What's that, you don't want VNC, the blatantly obvious answer to your direct question? Then specify that to begin with and avoid 100 comments suggesting VNC and that you are technically challenged. That will save time for these hundreds of people, and it will save time for you.

Re:You've really never heard of VNC?

[bcmm]

And use a reverse VNC connection (where the viewer listens on a port for the "server" to open a connection). That way, you only need to worry about your own NAT router. There are some VNC servers that allow you to create a nice package that when run automatically opens a reverse connection, which, combined with a dynamic DNS service for your own network, could give an idiot-proof way to get things started.

Re:You've really never heard of VNC?

[jimicus]

Doesn't pass the F/OSS test. Nor does it pass the "must not include anyone sitting in the middle" test.

On the plus side, it does pass the "free as in beer for personal use" test.

OP: I think you're going to struggle unless you're prepared to compromise on some of your requirements. There are loads of proprietary solutions that provide this sort of functionality, but most of them are aimed at corporates that don't care too much about the architecture of the solution as long as it works - nor do they care about the price, as long as it's not silly.

Re:You've really never heard of VNC?

[mrclisdue]

...Judging by your /. uid, that's probably a good bit longer than you...

...which lends credence to my original query, How can my uid have ANYTHING to do with how long I have been involved in remote support (22 years, beginning with software which I believe was included in AccPacc, by Winsim - it may have been called PC-Commute, and ran on Win 3.1) ?

cheers,

Re:You've really never heard of VNC?

[adolf]

Pro-tip: Google often returns more than one result.

Scroll down. Try to solve the problem you have, and stop blaming others for failing to sufficiently spoon-feed it to you.

Re:You've really never heard of VNC?

[ThurstonMoore]

That's too bad that he's restricted himself so much, because Teamviewer works great for all my computer challenged friends. It doesn't even have to be installed. There is a run only option in the installer.

Re:You've really never heard of VNC?

[ThurstonMoore]

Please see my other post about Teamviewer, it uses vnc and is simple to use. It doesn't even need torun all the time.

Re:You've really never heard of VNC?

[ThurstonMoore]

Here is a list of remote desktop software i found while shitting before work this morning.
  http://en.wikipedia.org/wiki/Comparison_of_remote_desktop_software

Re:You've really never heard of VNC?

Check out vyew.com

You can create a "Room" and give only certain people permission; so one room for each support person. You can also send an invitation with a link in an email so the end-user only has to click the link (hard to get easier than that).
Then, within the room, at the top is a "share desktop" button that any user can click and share their desktop.

I know this works on Windows and Mac; however, I am not sure if the control of the desktop can be passed to other people (as I don't really use that option this way myself). The service is free for up to 10 rooms as well :)

Re:You've really never heard of VNC?

[dbIII]

It's not 1999. A lot of variants of VNC come with their own ssh include features that even allow it to go via an ssh tunnel on a proxy as well if you want to go that far (ssvnc, tightvnc, turbovnc, realvnc(?) and I'm sure several others). You can give up on that "convoluted" method you've mentioned above because the vnc clients have improved.
There are also many browser based methods, such as gotomypc, webex (both of which I've used and they work) and many more, but most involve some sort of payment, which for a single use at a time probably won't be much at all. Take a look for software and services designed for internet meetings and you'll find a very large number of options that are actually better for remote PC support than their designed purpose of internet meetings. I'd say you are probably meeting some hostility here because your question fits such products so well that people are assuming it's the lead in for an advertisement and are just waiting for you to drop the brand name.

Re:You've really never heard of VNC?

[wolrahnaes]

*Your* firewall. The one that you control on /your/ end. Not the remote user's firewall.

Yes their end. If the user performing the remote support is connected via a mobile phone, they may not be able to receive incoming connections.

I've had to do it many times, I'm out on the road and something comes up for which I'm either the only person that can handle it or the best person to handle it. I don't know what the restrictions will be on whatever internet connection I'm attached to, but if I can make outbound connections I can probably get one of the services the OP listed as wanting to emulate working. That's the goal here, neither the supporter nor supportee should require the ability to receive arbitrary incoming connections at their current location.

Re:You've really never heard of VNC?

Can't you just make a pre-built VNC downloadable executable hosted on a webpage?

I hate VNC because it's slow, but you can make it 'simple' to use (download, run an exe and it's a session created to callback to your VNC viewer only.)

Re:You've really never heard of VNC?

http://www.uvnc.com/products/uvnc-sc.html

Re:You've really never heard of VNC?

[CAIMLAS]

Why was this modded informative?

If VNC is what you want, you don't really know what you want. It's a crap protocol - high bandwidth, low quality, insecure, and slow. There's a reason why everyone's looking for something else.

Re:You've really never heard of VNC?

[cbiltcliffe]

If the submitter knew how to copy and paste an error message into Google, then the submitter would also be able to search Google for cross platform desktop sharing software.

Re:You've really never heard of VNC?

[cbiltcliffe]

Simple. Write a GUI in Visual Basic to trace an IP address.....d'oh!

No....write a GUI in Visual Basic that automatically downloads and runs the VNC server, and connects it to the listening connection on your end.
They click to download, click again to run, and boom, it's done.

Re:You've really never heard of VNC?

[UnderCoverPenguin]

My one-click solution is, as I mentioned in another post, to provide a "Call Max" icon or Start Menu item. Clicking the icon/item sets up a connection to my personal server. Where ever I am, I can connect to my server, then to my relative's PC via the SSH tunnel. I'm sure this could be done via an URL in the web browser, but this works. My relatives only have to either go to the desktop or click on "Start", then click on an icon or menu item. Everything else is automatic. (Ok, so it's really 2 clicks, including getting to the desktop or opening the Start Menu.) I set this up for them. Nothing special they have to do.

Re:You've really never heard of VNC?

Just forget about the OSS part and use Teamviewer, free for non-commercial use and couldn't be any simpler.

Re:You've really never heard of VNC?

I second TeamViewer or Copilot.

VNC works, but is a royal PITA to use with a naive user on the other end. It helps that most of my family support is done on the weekends, when it's free to use Copilot. It was a lifesaver when my daughter was in Europe last semester...

Re:You've really never heard of VNC?

[Rozzin]

The downside of VNC is that you need to create a hole in your firewall for it and you also must know the host name, that puts it a step down from things like logmein.com which I've used to repair windows laptops in cases where I don't control the firewall (in one case Iraq).

I also would be interested in something like that that I could control using my own server and happens to be cross platform.

It's been a few years, since I looked at this, but the last time I needed to solve this problem, Active Port Forwarder was the best option for dealing with the whole `getting in past the firewall without opening up a security hole' issue.

VNC?

[Dan+East]

VNC is probably the most prolific remote access client / server software in existence. It is open source, although some companies have created enhanced functionality on top of VNC which is available as commercial products. OSX supports VNC type remote access natively.

Google+

The Google+ hangouts works for my students when they have software issues. I second-seat them and things run smoothly. If you are doing the maintenance on their computers, you can ensure that the plugin installs correctly and go from there. -TN

Re:Google+

It may work for most things, but the Google+ hangout plugin will only work on OSX 10.5 or higher.

10.4 won't do it.

Re:Google+

[sydbarrett74]

Well then maybe they need to ditch a version of OSX that's eight years old and slap on Linux.

Or, ssh?

[xzvf]

OK, that's a stretch....

Re:Or, ssh?

[rubycodez]

you can install sshd on windows, but you won't be helping relativers with their GUI or windows admin problems with it....

Re:Or, ssh?

[RealGene]

Since VNC is notoriously insecure, it's good practice to only run it over ssh on an untrusted network.
So, the answer is both.

Re:Or, ssh?

Try echoware. http://www.echogent.com/tech.htm

Not completely open source but still viable.

Re:Or, ssh?

[rubycodez]

nonsense, no one is going to intercept your VNC stream during the time you are helping your relatives. get real, no one at your ISP is snooping traffice from home looking for a VNC session to tamper with. have your relatives turn off the server when done. you are more likely to get struck by lightening.

or entertain us by your laughingly improbable method by which you will intercept someone's VNC packets.

Re:Or, ssh?

[binarylarry]

Exactly. That's why I use rsh on all my servers.

It's faster and easier and no one on the internet is possible sniffing my packets.

Re:Or, ssh?

[markdavis]

Parent is over-rated. Exactly how is VNC "notoriously insecure"? Because it is not encrypted? Do you really think someone is going to intercept the screen drawing compressed bitmap traffic during some ad-hoc session? And what exactly will they get? A temporary visual of someone's screen?

Security really depends on how it is all implemented. I typically set it up so the person on the other end has to launch the VNC server, it has a strong password (which is not the same as any user), and it will only allow a connection for about 30 seconds before closing down.

Re:Or, ssh?

[RealGene]

Have you ever tried to help an 80+ year-old relative with their computer?

"Just start the VNC server, auntie."
"Is that the 'start' button thingy?"
"No, just click on the icon that says 'VNC'."
"All I see is the email from cousin Ruby."
"Ok, close the email first."
"Do I turn off the computer? That's what I do when I'm done reading my mail..."
(continues for 35 minutes)

The point being, the folks who need the help can't be relied upon to start/stop a VNC server, or carry out any other task
that isn't part of their normal routine. And leaving a VNC server running, with circa-1985 eight-character password, on a standard port,
is a security risk.

Re:Or, ssh?

[Capt.+Skinny]

Do you really think someone is going to intercept the screen drawing compressed bitmap traffic during some ad-hoc session?

While we're at it, let's forgo backups. Do you really think a hard drive is going to die? And insurance. What are the chances your house will burn down? And seat belts. And safety harnesses. Because if it's not likely, it's not worth the trouble of protecting against, right?

Re:Or, ssh?

[DarwinSurvivor]

If your relatives leave the VNC server running, that's a VERY easy attack vector for anyone with a port scanner. If they leave an SSH server running (assuming you're smart and disable password authentication) and port-forward the VNC port over that (so the VNC port is never forwarded past the router), then there is VERY little chance anyone is going to use it against them.

Re:Or, ssh?

[Wrath0fb0b]

Since VNC is notoriously insecure, it's good practice to only run it over ssh on an untrusted network.
So, the answer is both.

No, the solution is to have server initiated connections to a listening client that is launched on demand, which has the amazing added benefit that the techie is the one to configure his firewall/NAT appropriate rather than the noob. Consider the following secure handshake done over the telephone:

(Noob) Hi, can you help me with WinFooBarTunesExtreme?
(Techie) Sure, let me fire up my listening client and open a port on my local firewall and router
(Noob) I like turtles!
(Techie) Click on the little VNC icon near the clock, click "Connect to Listening Viewer" and type www.techiedomainname.com" then click OK
(Noob) Derp, OK, w-w-w-dot-t-e-c-h-i-e-d-o-m-a-i-n-n-a-m-e-dot-c-o-m, OK
(Techie) Cool, now I can see your screen, please reproduce the error while explaining to me what you are trying to do. ...
(Techie) Let's make sure that VNC is not set to accept connections, OK good, looks nice.

When the session is done, the noob drops the server connection and all is well. VNC server is not set to accept remote-initiated connections (trivial to configure right) so there's zero risk from that end. The techie closes the listening client and disables his port mappings (I hope).

Even the setup is easy, since the noob only has to click "Next" a bunch of time through the VNC server setup and then the techie can adjust the settings once he's connected. There's zero persistent open connections and so zero persistent attack surface. Since there's no passwords exchange, there's no risk of eavesdroppers stealing any credentials.

Re:Or, ssh?

Last time I checked (a few years ago), none of the existing VNC servers out there had protection against brute-forcing the password. It wouldn't even notify the process owner that incorrect passwords were tried, leaving you with no idea anyone was even hammering the server.

This would mean turning the server on specifically when you wanted to use it, which is hard enough to explain to the person you're trying to help (as already stated by several other people here)-- unless brute-forcing protection has been added to one of the few open-source VNC forks out there, it'd be worse than walking someone through system troubleshooting over the phone.

Re:Or, ssh?

[LinuxIsGarbage]

even better, you can configure a shortcut on the "noob"'s computer so they don't even have to type anything to start a connection to a listening client.

Re:Or, ssh?

Even that is 100x more difficult than using one of the numerous screensharing tools, or even the shit that's built into Windows & MSN messenger.

Re:Or, ssh?

[John+Bresnahan]

I give my (almost) 80-year-old a desktop icon which is called "Call John" and it starts up the VNC server with the appropriate command line options to start up a reverse connection to my computer.

If my IP address changes, I just email her a new shortcut file to replace the one on her desktop.

Re:Or, ssh?

Or you can use, like, a dynamic ip domain name service?

Re:Or, ssh?

[the_B0fh]

you haven't looked at the logs and seen people knocking on vnc ports have you?

Re:Or, ssh?

[hobarrera]

And to set up sshd and vnc onto a distant relative's computer, I'll just use VNC over SSH.
Oh, wait!

Re:Or, ssh?

[hobarrera]

A few years ago, I was sitting in front of two PCs, using just one, but after a minutes, I noticed the start menu opened on the other, and some commands started typing themselves in. I immediately noticed the VNC icon notifying me someone was connected.

My guess: there's thousands of bots looking for open VNC connections. You don't have to be targeted specifically. Lesson: don't leave VNC to an open internet connection, even with a strong password.

Re:Or, ssh?

[rubycodez]

sure. a dictionary password will fall to brute forcing, and a strong one will take longer than the life of Sol to get....

Re:Or, ssh?

[markdavis]

Agreed. We see VNC port probing all the time. This is why we do not leave the server code running (as a service). If someone needs remote assistance, they launch the vnc server and it will wait for about 30 seconds for a connection before it gives up and dies.

Re:Or, ssh?

[hobarrera]

Why not an SSH tunnel, isn't it simpler? You could just make a tiny software the opens the tunnel for your users anyway.

Re:Or, ssh?

[MikeBabcock]

You do realize that there are automated port scanners running on botnets all over the internet all the time, right?

I get hit with thousands of SSH requests a day on the machines I administer, all with random username/password attempts (none of which will work because I only ever allow public key auth). When one of those port scanners notices 5900 open on your granny's computer, and the password is brute-forced in a few seconds, I think you'll rethink your perspective on the issue.

Interception isn't necessary to hack a connection. There's a reason we firewall people are so difficult.

PS you could just add your own netblock to your relatives' firewall software on port 5900 and limit exposure.

Re:Or, ssh?

[MikeBabcock]

Just use VNC in reverse connection mode. Make the server connect to you, not the other way around. Then you're the one who opens a port briefly for the connection, not your relative.

Re:Or, ssh?

[rtfa-troll]

Parent is over-rated. Exactly how is VNC "notoriously insecure"? Because it is not encrypted? Do you really think someone is going to intercept the screen drawing compressed bitmap traffic during some ad-hoc session?

This is exactly the thing I really hate to see up here. People doling out advice when they clearly have absolutely no clue. Some belief that "if it's for 30 seconds it's too fast for them to react". Packet monitoring is done by computers. It is done any time. It is done automatically. The network guys on your network have the right to do it "for network maintenance reasons". The professional ones a) wouldn't want to see and b) earn too much to risk it. Unfortunately they have all been outsourced to the lowest paid guy in India for whom the risk of being caught is nill and the benefit of selling your bank details; or even just enough information to make a "this is Microsoft and we know you have a virus" call is huge.

And what exactly will they get?

They want exactly only one thing. Your VNC password. They will then use that next time to start an automated session which does a small install just before you log in. After that you will never see them use your VNC ever again. Please hand in your computer operating license. None of this will involve a single person.

Re:Or, ssh?

Even better, have the server connect to a hostname. Then all you have to do is update the DNS record fro your target machine - be it some sort of dynamic DNS updater, or directly in the DNS config :)

Re:Or, ssh?

[hawkinspeter]

Or, possibly someone is sniffing around for unsecured vnc traffic, spots yours and sets up packet sniffing for the next time you use it and gets your cleartext password. So easy it could be automated and thus most likely is.

Just tunnel through SSH and you're good to go.

Re:Or, ssh?

And that's the easy part; then you need to talk her into doing the correct port forwarding on the home router, since VNC doesn't support any kind of firewall helper that all the other (non-FLOSS) software support.

Re:Or, ssh?

[hairyfeet]

Bimbo Newton Crosby, if they'd ever tried to actually support a completely clueless user they'd know that VNC would be a BAD idea.

Honestly i just don't see how he is gonna be able to pull it off on both Windows AND OSX without some service in the middle, i really don't. Everything else is gonna require the user to at least have enough skills to start the thing up which is far from assured and leaving it running 24/7 is just asking for trouble.

This is why I'm glad I have all my family and customers on Win 7, MSFT may have made plenty of dumb moves but EasyConnect is a fricking Godsend, its the easiest damned thing I've ever dealt with for remote assistance. I simply pin Remote Assistance to the start menu and its as easy as "Hit start, see that thing at the top that says remote assistance? Yeah click on that, hit next, see my name? Yeah click on my name...hold on...okay I'm hooked up, see that little box that popped up that asks if I can have full control? Just click yes...okay I've got it now" and then I can just sit in my comfy chair and work the system like i was sitting right in front of it.

I wish there was something truly universal and that simple to use but if its out there so far I haven't found it. Just remember when you suggest programs we are talking normal folks, the stuff YOU would think is trivial to do is often so completely over their head it would literally be quicker to simply drive out to where they are and do the work than to sit their on the phone trying to talk them through it.

Oh and one final bit of advice for those that have to support the clueless...get Comodo Time Machine and install it NOW, you'll be glad you did. Think of it as a system restore that actually works and which doesn't get infected by malware. When my GF had to go across the state to take care of a sick relative and her niece screwed her laptop up so bad the thing wouldn't even boot to desktop it took me less than 15 minutes to get her back up and running thanks to CTM. Just set it to use around 10%-15% of the HDD space for snapshots and have it take a snapshot at boot (if you boot more than once a day it'll only take one snapshot so you won't run out of space) and you are golden. You can even lock a snapshot so you can have your own version of a factory refresh that will put the system right back to the way you had it with no muss or fuss. Just have them hit the Home key when they see the big clock, tell them what day you want them to go back to and voila! Instant fix.

Re:Or, ssh?

[jones_supa]

One silly solution would be to create an auto-update daemon for the shortcut, for which you host the server. ;)

Re:Or, ssh?

Riiiiiight... because I can't setup a link/shortcut on someones computer that starts a reverse VNC session to my computer. Hell it could start a VNC server listening on localhost and setup a reverse SSH tunnel to my computer. Suddenly we both have the same setup.

Just because the software isn't bundled into one nice easy to install package doesn't mean I can't bundle it into a nice easy to click on link.

Re:Or, ssh?

[dbIII]

No, because I don't even bother listening to anything other than the ports that should be getting traffic. There's too much noise on the net to do more than just drop everything that doesn't belong.

Re:Or, ssh?

[the_B0fh]

you appear to be missing the point. I was talking about OP's mention of intercepting VNC traffic. If you don't have VNC running, obviously it isn't a problem. *sigh*

Re:Or, ssh?

[dbIII]

Good point and if his attitude is real he's not going to be blocking any ports even when something sinks into a sea of malware as a consequence of an exploit.
I should have phrased things differently in the post above - there's so much crap hitting ports all over the place trying to get in that logging all that stuff is just an exercise for the curious. I agree that having something like VNC alone that is not designed to be run naked on the internet is almost asking for trouble.
I just don't know how such a thing can be explained to people that think they are safe to run insecure software because they have no expensive secrets and do not understand that a spammer doesn't care - they just want your PC for a zombie. The single user, not network aware developers are sadly still with us and will not be convinced by logged activity on that magic blackbox network thing they never worry about.

Re:Or, ssh?

[therealkevinkretz]

I do the same for my parents' vacation home. Works like a charm!

Re:Or, ssh?

[mcgrew]

I was going to post a simialar "ask skashdot". In my case, though, my needs are a little different. I have a kubuntu tower that uses tha TV as a monitor, a Win 7 notebook, and just added an old Dell XP that I intend to use headless. I'll be using the Dell mostly to sample LPs, cassettes, and radio streams (often from the Linux tower on Sunday nights when KSHE plays 7 full albums). I'd like to be able to access the XP machine from either the kubuntu machine or the Win 7 machine, or the kubuntu machine from the W7 notebook. There are no Win 7 pro machines on the network, so MS's solution probably won't work.

I prefer FOSS. What's you favorite RAT, and why?

Re:Or, ssh?

[cbiltcliffe]

I've been using TightVNC for quite a while, and it's had brute force protection for as long as I can remember. It doesn't tell you that somebody's hammering on it, but it only allows a certain number of attempts - I think it's 5 - before it locks you out for a certain period.
I've actually had this bite me when I didn't have a shortcut to a certain machine, and typed in the wrong password a few times. All of a sudden I have to wait for a few minutes before it will let me even try to log in again, regardless of the password I use.

Re:Or, ssh?

[SiChemist]

So, the name of our star system is the sunar system?

Re:Or, ssh?

[UnderCoverPenguin]

I simply pin Remote Assistance to the start menu and its as easy as "Hit start, see that thing at the top that says remote assistance? Yeah click on that, hit next, see my name? Yeah click on my name...hold on...okay I'm hooked up, see that little box that popped up that asks if I can have full control? Just click yes...

How about pinning a "Call Max" script to the Start Menu? Just one click and will execute what commands are needed to establish a remote control session with the remote PC in control. Works for Mac OS and Linux, as well as Windows. (MacOS gets an icon, but I configured a "Start Menu" for those relatives I have running Linux.) (Works for my family - as long the problems don't require a real IT person. I 'm a software developper, so am an IT person's worst nightmare.)

Re:Or, ssh?

Why not use a dynamic DNS service, so her shortcut goes to john.dyndns.org (or whatever)?

Re:Or, ssh?

[hairyfeet]

Does it automatically take care of NAT, dynamic addressing, and any other hassles? because EasyConnect does. Man why they don't package that sucker up and sell it as an extra service for those not on Win 7 I don't know but I've never seen anything as simple and easy when it comes to remote control of a desktop.

Re:Or, ssh?

[John+Bresnahan]

I never thought of it. I only have to remote in to her system once or twice a year, and I don't (AFAIK) have any other reason to bother with dyndns, so I never thought of setting it up. It's a good idea which may be worth implementing in my case.

Re:Or, ssh?

[Kalriath]

It doesn't need to, because it's a reverse VNC connection. I.e. the server initiates it, not the client. NAT and dynamic addressing are irrelevant. And, even better, it's more reliable than Easy Connect (which I just got told by Windows 7 is not available when I tested it because it cannot connect to the global peer-to-peer network, whatever that's supposed to mean).

Re:Or, ssh?

[Kalriath]

You know, there's a huge difference when the word is a name. You aren't supposed to unnecessarily translate those into English, it just makes it look like you have a giant inferiority complex.

Re:Or, ssh?

[hairyfeet]

But how simple is it for the user? With EasyConnect (really don't know what kind of setup you had to get an error, I've run it on DSL, cable, and WiFi) its literally 3 clicks. click on Remote, click next, click on my name, that's it.

The problem when you are dealing with ordinary folks is there is NOTHING you can count on, nothing at all. I had one grandma that when i told her to hook the laptop to the cable that was coming out of the router unplugged the cable from the router and then into her PC, so her laptop and desktop were wired together. When you are dealing with users with THAT little amount of skill it needs to be 1.-As simple as humanly possible, if it can be done in one button great but less is always better, 2.-safe, because if its still running after you finish they will have NO CLUE on how to shut it down, 3.-Require no skills that your average 5 year old doesn't possess.

VNC

It isn't the best but it runs on just about anything you can think of.

LMGTF...

LMGTFY - two of the top 5 hits point to TightVNC...

teamviewer

[alen]

its free for non-commercial use. my mom lives almost 2000 miles away and that's what i use to help her.

Re:teamviewer

[thoriumbr]

But there's a middleman, and the guy asking help told this is a downside... VNC is great for what it wants.

Re:teamviewer

[vux984]

the guy asking help told this is a downside.

The guy asking for help hasn't spent 4 hrs walking grandma through downloading and configuring VNC over the phone so that he can get through the firewall to actually help her.

TeamViewer is a good solution

Re:teamviewer

I second this and use it often myself, it's not open source and it's third party man in the middle-ish, but it's kind of a necessary evil in avoiding having to get the non-technically inclined to try and open up ports in their firewall or trying to get them to connect to your own services.

Nice thing about teamviewer is you don't even have to install it. Both parties run the app, one enters in the multi-digit code, BAM! Instant tech support, don't complicate your life with a FOSS alternative, it's free and gets the job done extremely well, even supports file transfer, view only and remote control.

Re:teamviewer

[BoogeyOfTheMan]

I have to agree. It may not be OSS, but it is free for non-commercial use and it works on Windows, Linux, and OSX. You can even use it from an Android device to control someones machine. I've used it on Windows and Linux to control other Windows and Linux machines, on Linux to control a machine running OSX, and on Android to control my Linux machine when I wasnt at home.

If you can walk someone through downloading, installing and running something, TeamViewer is perfect. Once its running, all you need to have them do is tell you their ID number and passcode, which is prominently displayed when TV is running.

I use it a lot to help my friend whos a complete computer newb to fix and/or learn things.

Re:teamviewer

Took me half an hour to talk my dad through downloading and running the single exe for Teamviewer remote support.

Would not want to try talking him through downloading, installng AND running VNC!

Re:TeamViewer

[asmkm22]

I'm going to second this. It's free for non-commercial use, so it's great for helping out family and friends. It's really easy to use and, like the poster said, there's no install needed. Just make sure they hear you correctly and go to "teamviewer.com" and not "teenviewer.com". I had that happen once, and it was a bit awkward.

Re:teamviewer

[alen]

And my mom has no idea how to configure the firewall on her router or enable port forwarding. And neither do I since I have never seen her router

Vnc is useless if mom can't get it to work

Re:teamviewer

[aztracker1]

Did that once with my dad. Took forever to get thrugh their firewall config, download/setup vnc (interactive prompt, default refuse), and then whatismyip ... not fun, not cool... teamviewer/logmein etc are far easier.

Re:teamviewer

[zoloto]

Let's put this into perspective

He's asking for remote access help which notably involves a GUI and from that we can surmise he doesn't know what he's doing and also what he's accessing doesn't require that much security anyways because quite frankly, if it did, he's vastly under qualified to begin with nor does he have a sense of the importance of his information. Google would have helped him far more than this "article".

Windows includes RDP, and Apple includes both VNC and ARD. Linux distros have repos with vnc in them as well

Teamviewer also only initializes the connection. That's it. The entire session doesn't go through their servers, or at least they didn't the last I checked.

Re:Teamviewer

I had the need to support internal users in the latest company I worked for, so I made my own tool.
Since I was in Linux and users were in Windows, those are the two supported platforms.
I already have some code to support OSX but not released, since they are some thinks
in OSX that I have to figure out.
Of course, it's not polished and have some problems. But it's usable, at least for me.
When I need to support users through the internet I create a ssh tunnel with a small VPS that I own
and then I ask the remote user to connects to the VPS IP.
the code is on github - https://github.com/rpedroso/sharme
The windows binary can be found here http://rpedroso.github.com/sharme/download.html

Re:teamviewer

[MisterBuggie]

Takes any of my computer illiterate aquaintances about 10 mins over the phone to install TightVNC. Then I start my client in listen mode, and get them to connect to me. Really not that complicated, no firewall to config, no whatismyip. The main step you need to remember to avoid most hassle with the most computer illiterate is to get them to use IE to download the installer by clicking on "Run", as Firefox doesn't allow you to do that. Then it's just a simple case of talking them through the installer, which is pretty basic...

Re:teamviewer

[MisterBuggie]

That's what listen mode on your end is for...

Re:teamviewer

[Galactic+Dominator]

TeamViewer is a good solution

A good solution to install VNC. Then you can remove TeamViewer.

Re:TeamViewer

[DMKrow]

This is also key when you are dealing with an ISP that gives you a NAT'ed IP, instead of a real address. Mac OS X VNC was pretty limited in options (no reduced color mode to help with latency, no attach to listening client). I found having a support script that forwarded the OS X remove VNC port to a remote host to have intolerable latency. TeamViewer is not perfect, but it did mostly work to support a remote Mac better than any other solution I tried.

Re:teamviewer

[number11]

And my mom has no idea how to configure the firewall on her router or enable port forwarding. And neither do I since I have never seen her router

Vnc is useless if mom can't get it to work

UltraVNC has a "single click server". You configure (via UVNC's website) a custom server that is a single 166K executable file that requires no installation and is hardwired to connect to your computer, and (when the time comes) you run your VNC viewer in "listen" mode and have them doubleclick the icon. Since they're the ones initiating the connection, firewall shouldn't be a problem. Works great, you can email the file to them, so long as you can explain how to save an email attachment to their desktop. There are some restrictions (Win only, you need either a fixed IP or something like dyndns to specify your address, and they need to be able to receive an executable attachment), but it works really well. Dunno what to do about the OSX, though.

Re:teamviewer

Why would you waste 4 hours on that? Just download the "scprompt" version of VNC and send it to them. They run the program, type in your IP address, and then it connects to the viewer running on your machine (need to forward port 5500 from your router). Quick and simple.

Re:teamviewer

[Albanach]

The guy asking for help hasn't spent 4 hrs walking grandma through downloading and configuring VNC over the phone so that he can get through the firewall to actually help her.

The submitter has. Once more today, hence the ask slashdot post. VNC + SSH + Firewalls + dynamic dns all make for a pain. It works, but it's certainly not neat and tidy.

I'll take a look at teamviewer, so thanks for that. As was mentioned above, I'd really like something that can run locally, but in the end I may have to make do.

Re:Teamviewer

[Skapare]

I hope that one day open source figures our what the magic sauce is in Team View is and replicates it in VNC. Until that day arrives when I need to get shit down, I just use TeamView.

One sauce component is having connections made through the firewall and such. Do that through a "connection" layer on top of HTTP to a central server. Switch the connection to TLS encrypted. Then exchange account, identity, and authentication info. At this point the two ends can communicate via the server. In parallel, probe to find other ways to get through the firewall, such as direct TCP connections to the server. With communication to the server, any NAT being used is known (end IP != peer IP seen by server means NAT somewhere). UDP might be usable end to end if set up in a synchronized way. If other means don't work, at least the HTTP method does.

But I still don't trust Team View. I don't know if the end points establish safe end to end security or not. Maybe they are only doing end to server and server to other end security. This is one of the reasons we need software that comes in source code form complete to be compiled (for C, C++, ObjC, Java) or to be run (Lua, Perl, Pike, Python, Ruby). Binary can't be trusted except by those who build it, though partial trust can exist if you see that someone in the public can build it.

Yes, of course I am paranoid.

Re:teamviewer

[vux984]

You might be interested in this then:

http://www.teamviewer.com/images/pdf/TeamViewer_SecurityStatement.pdf

Should answer some of your questions on security.

Re:teamviewer

[bobbutts]

The other thing I've found useful thing about Team Viewer is that it can be setup to run like a service. I've set this up when I was visiting family members so we didn't have to deal with having them set it up. Also the control from Android is the best implemented solution I have found from that OS. The biggest annoyance is the popup asking you to play fair at the end of every session. "It's asking me to buy the license, should I click yes??"

Re:TeamViewer

[hobarrera]

There's a big difference between FLOSS and freeware.

The main one being you can assertain that FLOSS software is secure, and if the middleman is trustworthy; you can't do that with freeware.

Also, Mikogo es almost the same as teamviewer, but FLOSS.

Re:TeamViewer

[vux984]

There's a big difference between FLOSS and freeware...The main one being you can assertain that FLOSS software is secure, and if the middleman is trustworthy...

And the people he's supporting are on Windows and OSX. If we're worried about issues with proprietary 3rd party software defeating the remote-support toolchain, then we've lost before we've even started.

Groups like teamviewer have some major enterprise customers. Their reputation for security is worth more than spying on your remote support session with your grandmother. I'm not saying its impossible for them to have back doors.

But unless you audit the FLOSS alternative yourself, and then compile and deploy the exact files you audited to clients and servers under your control, then you really haven't truly "ascertained" anything at all.

And honestly, I wouldn't be convinced an audit would necessarily find a backdoor if it was there anyway.

Re:Teamviewer

So is "NX", both the commercial versions (free for personal use) and the free versions (such as "freenx"). They're much more efficient than VNC, and they don't have the gods-awful and extremely painful security models of VNC. (DES encrypted passwords, stored in the $HOME/.vnc directory that *NEVER EXPIRE* are almost as bad as Subversion storing your passwords in plain text., which it does.)

Re:teamviewer

The question is reasonable. How old are you? Either you're very young, or a recalcitrant asshole.

Re:teamviewer

[mattr]

Okay except I can't forward port 5500 from my HTC EVO 4G Wimax phone router.
I thought of VNC and a bunch of things for Mom but I found TeamViewer in the past and will probably use that this week.

Re:teamviewer

[serialband]

He can always start Teamviewer one time and use that to set up VNC and ssh and firewalls.

Re:Teamviewer

[MadX]

Sorry about the typo in the subject ... Teamviewer. I can go and sleep now

Re:Teamviewer

[shitzu]

"join remote control session" is for controlling or viewing the remote desktop - i.e. you. The other end (the person whose desktop you need to control to help him in this scenario) still needs to download an executable and run it.

Re:teamviewer

SC should also work on OSX, but I don't think you can use the generated executable.

With VNC being built into OSX, I would be very supprised that you couldn't initiate outgoing vnc connection on OSX, so setting up a simple shell script for that purpose wouldn't be a big issue. This could in theory even be done remotely, worst case, using TeamViewer or skype or what not once to do so.

Re:Teamviewer

The "magic sauce" is that TeamViewer, the company, runs a bazillion servers as a cloud which both the viewer and server software connect to. This gets around any firewalls. They hook up via this rendezvous point and off they go, talking to each other. They may, or may not, move to peer-to-peer after this - LogMeIn does, I know.
VNC doesn't do this - no one is running a cloud for you to connect out to because this costs money and no open source project could afford to do this.

Re:TeamViewer

We're an aerospace company and we were given documentation and even had discussions with TeamViewer's security guys regarding the security of TeamViewer and the protocols it uses. Whilst access-control is pretty inflexible and limited, the confidentiality aspects of the protocol are gold-standard when you're allowed to run your own negotiation server, we actually use it to remotely manage our full-motion flight simulators. Hell, the damn software is more secure than most of the layer 7 military stuff we're forced to use. That said, there is always room for improvement, as evident by the last few security patches I've seen and the rubbish updating mechanism.

Re:Teamviewer

That was the one that took me half an hour :)

Re:teamviewer

[petenz]

But VNC can be tricky to set up... If he really wants to use it, maybe compromising slightly and using Teamviewer so he can set up VNC on the computers that need supporting would be acceptable and effective.

Re:TeamViewer

[Attila]

The OP wants a solution that works on OSX 10.4 and Teamviewer does not. So much modern software does not work on 10.4, though, that I considered it a lost cause and upgraded my kids' iMac rather than try to continue to support it. The OP may want to cut his/her losses and do the same.

Re:teamviewer

TeamViewer

its free for non-commercial use. my mom lives almost 2000 miles away and that's what i use to help her.

I'd like to co-sign on this. I've tried VNC and it's great and all until you want to control a computer that you don't use. As bloody annoying as it was to get my Dad to download and then find the single exe for Teamviewer (they conveniently have a QuickSupport version of the EXE which doesn't require installing) I couldn't imagine talking him thru VNC or anything else like it (because I highly doubt there's anything better that's nearly prolific)

TeamViewer is my choice among the many free ones for a number of reasons
- it has the single exe QuickSupport version
- it can be installed and run from a portable device
- it is part of the Ninite suite so you can give them a url from Ninite which then downloads a single exe which will install it for you so you don't have to explain where to install it, how to say not to toolbars etc

It's fantastic. I feel very comfortable using it on friends computers and because sometimes my family is paranoid about 'hackers' I leave it on random passwords so every time I need help they give me the new password this way I don't get accused of hacking in for X reason or Y reason.

I'm more of a wannabe nerd than a real geek but honestly I've tried many variations of the screen controlling solution and TeamViewer really is the easiest to set up, easiest to use all while maintaining (at least the illusion of) real security. That said I haven't tried logmein yet.

The drag of TeamViewer is that while it is free there's some sort of pay component and after every connection a window pops up asking if you want to buy a Pro account. If you can teach your subjects how to close a window it shouldn't really be a concern. Well worth getting a solution that's free and relatively easy to use.

While the tech is there the interest isn't. The great FOSS projects have a lot of interesting. Outside of that they tend to clump after they reach functional. Noone really see the need to code VNC to be much more than it is. I doubt it will ever give that elusive combination of extreme peer to peer security as well as easy of usability. You really need to rethink your stand on middleware.

- Wolfkin

Re:TeamViewer

[vux984]

According to the site it supports:
        Mac OS X 10.4 and later (including Mountain Lion)

I haven't tried it myself, but it seems likely that it does work.

Re:teamviewer

unless your email provider doesn't all you to email.exe files. Then your'e stuck zipping files and then explaining what a zip file it (had to do this MULTIPLE times with my sister) and explaining how to unzip it.. or even worse trying to upload to a third party like mediafire and then having to contend with poor design and ads

Re:teamviewer

[TheDarkener]

I've been using UVNC SC for years, and it works fantastically. Just throw your custom executable on your website/blog/DropBox/whatever and e-mail the URL to the supported. It doesn't get much easier than this (although I admit, even with this it's difficult sometimes to get people to click on a link correctly).

I recently moved to ChunkVNC ( www.chunkvnc.com ) and it works great as well.

Benefits of UVNC SC/ChunkVNC:
+ It's free (No subscription, no one-time-charge)
+ It only runs when the user runs it (and removes itself when the session ends)
+ No end-user port forwarding required (as the user is creating an outgoing connection, not allowing one in - a la "reverse server connection")
+ Customizable

I highly recommend it.

Re:teamviewer

[mcgrew]

Hmmm. this may be what I'm looking for, except for the "middle" part. I want to run an XP box on my network headless, and use the Linux box to view its output. Will Teamviewer work on a private network?

Re:teamviewer

[zoloto]

Age has little to do with the practicality of the answer the article asks for. So go fuck yourself.

Software software?

Free and Open Source Software Remote Support Software

Re:Software software?

[Cute+Fuzzy+Bunny]

Its alright. It was produced by the department of redundancy department.

Remmina client for RDP protocol works

For the Windows boxes at least, an RDP client like Remmina works. (xrdp works as server on linux btw.) This might not work on Mac, so VNC is good to have also, but some Windows boxes will just happen to have RDP available (remote desktop) and it's easier to use something they don't need to figure out how to install.

Re:Remmina client for RDP protocol works

Please, open 3389 on your firewall to an unpatched 'grandmother-edition' of XP SP2.

Your malware will thank you!

Doesn't exist

[Cosmos_7]

What you're looking for doesn't exist. VNC is great, but without the middleman you're never going to have ease-of-use for the people you're trying to help... they're going to give up trying to get port-forwards set up on their router long before you actually get in to help them.

Logmein / Teamviewer / etc is what is needed, and just plain works. If you have to choose one, it should be Teamviewer... can run client and support on all three specified platforms, and the QuickSupport option on Windows is a godsend - nothing like telling a client / grandma / whoever to simply download and run a small executable to let you in and help them.

Re:Doesn't exist

[MisterBuggie]

Hasn't ANYONE ever heard of listen mode? There's absolutely no need to get them to mess with their firewall/router.

Re:Doesn't exist

[flappinbooger]

So the solution is obviously to make your own teamviewer-like solution since Teamviewer isn't free for commercial use. After much hairpulling I realized VNC is the answer but I wanted a use-anywhere-help-anyone solution. I then realized I needed a VNC repeater, this is basically what teamviewer et-al do. Otherwise YOU have to be behind a configured firewall.

Chunk VNC (you can google it yourself ;-p) is a project that is imminently doable. I deployed a repeater on my own always-on computer, configured the firewall appropriately, and customized the appropriate files. After some patience I have a totally free and branded remote support solution that requires no more from the client than teamviewer instant-support does. And, it works AS GOOD AS vnc is rightly known for.

Re:Doesn't exist

It has even be mentioned above, so no, they haven't. :)

Re:Doesn't exist

Something I did with my parents, my wifes laptop, and an elderly couple that I was helping out for a while, is that I installed teamviewer for them, set it up to run automatically, had them set a default password, and added them to my partner list.
Then, it doesn't matter if I'm at work, or home, at the mall or anywhere else, grab my phone or laptop or desktop, start it up and watch their screen while telling them what to do.
I was able to walk a 80+ yo woman through installing Microsoft office in about 5 minutes, and that's with her clicking all the buttons.
The hardest part was telling her how to put the DVD in.
Being able to see what they see is huge.

Re:Doesn't exist

[kasperd]

Logmein

Are their other products as reliable as Hamachi? Hamachi is known to make parts of the Internet inaccessible. From what I have read on various websites, this problem will be there as soon as the software is installed. Even if it looks as the software is not currently running, the component, which breaks your internet connection is allegedly still active. And if you are not careful, that part of the software may remain on the computer after attempting to uninstall the package.

Re:Doesn't exist

[cbiltcliffe]

Slashdot is, more and more, becoming populated with tech wannabes who probably use it to brag about how "techie" they are.
The deteriorating quality of ask /. posts over the last few years is a symptom of this.

There's still good stuff here, certainly, but there's a lot of noisy chatter from n00bs that you have to filter out before the good stuff comes to the fore.

Re:Doesn't exist

[MisterBuggie]

Worst thing is, OP has been modded "insightful"...

Re:Doesn't exist

[Kalriath]

Hamachi was Acquired, LogMeIn was built. The whole 5.0.0.0 mess is because Applied Networking decided they didn't want to conflict with potential internal IP ranges, so decided to conflict with an entire /8 on the internet instead. Although LogMeIn are the ones that decided to block Vietnam.

Reverse VNC

[InfiniteZero]

Other posts have already mentioned VNC, naturally. But more specifically, what you want is reverse VNC. You set up a VNC listener, and firewall port forwarding etc. on you end. Then ask the user to download a simple server executable (e.g. tvnserver.exe in the case of Windows/TightVNC) and connect to your IP address.

Re:Reverse VNC

I completely agree... I've been doing this for many years. The main advantages are:
  - Nobody has an internet-exposed vnc server
  - The people you're supporting don't need to make holes in their firewall
  - As the OP requested: no 3rd party for the connection to go through (a boon to both latency and security)
  - FOSS

For ease of use, make a .bat file on their desktop that gives them icon to click that:
  - starts the vnc server service (i.e. net start vncserver)
  - tells the vnc server to add a new client (the name you've registered with dyndns).

When they want to share their screen with you, you'll need to be running the vnc listening viewer first, and have an open port on your firewall.

Re:Reverse VNC

[MisterBuggie]

Someone mod this up as clearly most of slashdot has never heard of the listen mode...

Re:Reverse VNC

[vux984]

The issues with reverse VNC are that it requires the remote user to initiate a connection to you, which is more work for them. Less perhaps then setting up their router, but still more than something like teamviewer.

It also breaks if you can't conveniently port forward your own machine whenever you need to support them. Maybe you aren't always at home in your basement. I use teamviewer from my phone. From my laptop at on my break at work. Etc.

I even went to the next step, and ran a VNC repeater for a while, but you know what that got me to where I was with team viewer with a lot more effort, and vnc security is still generally pretty much worthless on its default settings. Planning on walking grandma through setting up vnc security before she initiates a connection to your repeater? Yeah... right.

Re:Reverse VNC

[hedronist]

One step beyond this: Use Ultra VNC's Single Click mode (free). Set up the config file to automatically connect to your listening VNC port. I've fixed email in Paris, my sister (and her machine) in Tucson, and a niece in Sydney, Australia. All they do is download a 200KB EXE file from my website. I even have Office 1 and Office 2, so if I'm in my wife's office they just click on that. The whole thing takes less than ab out 30 minutes to setup and no one else ever has to deal with anything complicated.

Re:Reverse VNC

With uVNC Single click, they double click an executable. Either mailed or pre-installed.

It's actually less work than team-viewer where you have to enter difficult codes etc.

Re:Reverse VNC

The problem is, that there isn’t a good one click reverse VNC solution that actually works. I’ve tried them. They all are very convoluted to get to work at all, and then they at best only run on Windows... And when you have done everything, there's some unresolveable protocol mismatch thing going on, and you're done.

We really need a working solution.
(Ultra VNC's Single Click) does NOT work, by the way. I've tested it.)

Re:Reverse VNC

(Ultra VNC's Single Click) does NOT work, by the way. I've tested it.)

Actually it does. I've been using it for some time now. I set it up to connect to a repeater at my office and everything connects quite nicely.

Re:Reverse VNC

[Kalriath]

Until you get a UAC prompt. Then you're screwed.

TeamViewer

[vux984]

Its not FOSS, and there is a middle man to negotiate things to get you connected.

It is however free for non-commercial use.

You can remote control -from- Windows, OSX, Linux, iphone, and android.

You can remote control -to- windows, OSX, Linux, and recently samsung androids.

It just works. The person you are trying to support can get connected to you by clicking the "Join Remote Support Session" URL, and running the quick support app. They don't have to install the software, or configure their firewall, or fiddle with various modes etc.

You can connect to pretty much anyone anywhere from pretty much anything anywhere.

How does it compare to the various VNCs? Its much easier to get a connection going, and you don't waste more time trying to get a remote session going than it takes to actually perform the remote support.

Now, VNC is great, and if you set up your own public VNC repeater, and bundle your own VNC client to use that repeater you can get most of the way towards what you get with teamviewer without any effort at all.

Jitsi

Jitsi

In Person.

[TENTH+SHOW+JAM]

I am the family geek and have found the best way of dealing with this is to organize a time to visit. Hop in car and stare at the problem in person. Set up access levels. (You don't get to be admin all the time there Mum) Set up schedules.(Leave your computer on overnight on Sunday night so the little maintenance men can do their work) Setup backups. (Where is that USB hard drive you got with this?)

If people get into problems, and they need service right away, tell them to drop the computer off at the local computer store. If it's important enough to need to happen now, then it's important enough to pay for the privilege.

Remote tools are handy for intranets (As I type I am using 2 different types). They are a security risk for internets.

Re:In Person.

[Sique]

Time to visit might work fine, if you live nearby. For me, a visit is a seven hours drive. Twice. It will take me the whole weekend. There is no direct flight connection, the flight connections which exist, will take (inclusive changing planes) five hours single trip and are prohibitively expensive (I just checked, $785 is the cheapest offer for next weekend).
For some people "just schedule a visit" is not an easy solution.

Re:In Person.

[dissy]

Hop in car and stare at the problem in person.

I dunno, driving by car from the US to the UK might introduce additional technical problems for poor mum :P

PuTTY with VNC

I've been helping my now 83-year-old dad since the Win2K days using this solution:
- On dad's machine, install VNC server and PuTTY SSH client
- Set the VNC server NOT to run in service mode.
- Set the VNC server to accept connections from localhost (That used to be a registry setting, but it might be the default now)
- Set up a user called "sonarman" on my Linux machine. sonarman's shell is a script that loops forever, printing the date and hostname, then sleep 60.
- Set up a public/private keypair so sonarman can log into my linux machine without a password
- Set up a PuTTY session for sonarman that uses the private key to connect, and that forwards some port on my linux machine to the VNC server port on my dad's computer (5901)
- If necessary, tell Windows to allow PuTTY.exe to go OUT through the Windows firewall.
- Created a folder on dad's desktop called "Get help from Mike" - inside are two windows shortcuts, one to start sonarman's ssh connection to form the encrypted tunnel, and one to start the VNC server.

So when dad has a problem, he calls me, he opens the "Get help from Mike" folder, and double-clicks the PuTTY shortcut. When he says "OK, it's showing me today's date", I tell him to double click the other shortcut, and he tells me when the VNC icon shows up in the notifications area.

Once that's done, I connect a vncviewer to localhost:<whatever port I set up>, and I have a view of and control of Dad's desktop.

He can't do any harm to my system, because sonarman's shell doesn't accept any input.
Because his computer is initiating the connection, he doesn't need a fixed IP, nor any holes through the firewall besides the *outgoing* ssh connection.
My linux machine has an entry in DynDNS, and dad's PuTTY connects to my machine by hostname, so as long as my dyndnsd keeps the name up-to-date with Comcast's periodic re-assignments of my IP address, dad's computer can always find mine.
My firewall must be configured to allow incoming ssh connections (but I want that anyway).

Re:PuTTY with VNC

[humanrev]

Now this is a great example of the DIY nature of true geeks who can build a solution using FOSS components tailored to their particular requirements but without skimping on security, and although initially a bit complicated to set up for the expert, still ultimately has ease of use on the side of the end user (the Dad in this case).

Reading about solutions built like this is one of the reasons I still come back to Slashdot despite the site itself slowly falling into the abyss.

Re:PuTTY with VNC

[fa2k]

He can't do any harm to my system, because sonarman's shell doesn't accept any input.

Nice solution (though the above "reverse VNC" is also good). Does that looping shell really protect against things like SFTP? I suppose you could just chmod sonarman's home dir so he can't write to it.

Teamviewer

[ras]

I see most people here are recommending VNC. VNC and its brethren work, but can be very slow. A propriety alternative is Team Viewer. It is free as in beer and like VNC runs on all platforms under the sun (including Android and iOS). It is unlike VNC in that it is rock solid (I've never seen it hang), always quick enough to useable and requires no special setup to pierce NAT and firewalls.

I hope that one day open source figures our what the magic sauce is in Team View is and replicates it in VNC. Until that day arrives when I need to get shit down, I just use TeamView.

I would pay for ScreenConnect

Its self hosted and cheap and doesn't have the VNC problems like it works via the firewall.

for Macs - Reverse ssh with VNC

[shking]

For mac users, I make sure that my computer is reachable by ssh and I set up a "help" account. Then I email the following commands (with appropriate substitutions)

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw VNC-PASSWORD -restart -agent -privs -all

ssh -R 5901:127.0.0.1:5900 -R 2201:127.0.0.1:22 help@MY-IP-ADDRESS-OR-DNS

Next I PHONE the person and get them to start up "Terminal" and copy/paste the commands above into the Terminal window. I also tell them what to type into the Terminal window when it asks for the "help" account's password.

Now I can start up my VNC client and connect via port 5901

Simple solution

[Cute+Fuzzy+Bunny]

Logitech and best buy routinely sell cheap decent webcams. I've picked up regular ones, and 720p and 1080p HD versions for under ten bucks each shipped.

Bought one for each family member.

When they have a problem, I start a video chat with them, they take the webcam off the monitor and point it at the screen. On some cams you have to click the 'mirror' button to reverse the image. Then we work on the problem. If that computer is dead, put the webcam on a laptop and use that, or do a video chat with their phone or pad if they have one.

Securing software, poking hole in firewalls and all that seems like a waste of time when you can actually SEE whats going on for yourself.

Re:Simple solution

That has to be one of the stupidest remote support solutions I've ever heard, when you could do a better job just using Skype's free desktop sharing function in a video conference if for some reason TeamViewer scares you off.

Re:Simple solution

[hobarrera]

Someone please mod this funny!

Re:Simple solution

[postbigbang]

Webcams can be cheap, but some people just don't want them for whatever reasons, including completely illogical ones. I've had people send an MMS of a screen shot, when I can't connect using logmein or VNC or RDP or whatever. The screencap idea isn't a bad one, just not easy for ad hoc support. You can't guarantee that one's nearby, but a lot of people with computers have smartphones and can get the screenshot of the error message pretty well. Beats having to spell a long error message screen string, one character at a time, with the dog barking in the background.

Re:Simple solution

even simpler solution- ebay and a lot of hipsters websites routinely sell decent Polaroid Cameras. I've picked up regular ones and a few packages of film for pretty cheap.

Bought one for each family member.

When they have a problem, I have them snap a picture of their screen and put it in an addressed, stamped envelope and send it over to me. Then we work on the problem. If that computer is dead I have them take a picture of the power cord and the outlet the computer is supposed to be plugged into to make sure the cord is actually in the outlet.

Securing software, poking hole in firewalls, setting up a video chat and all that seems like a waste of time when you can actually SEE whats going on for yourself.

Re:Simple solution

[Cute+Fuzzy+Bunny]

Webcams can be cheap, but some people just don't want them for whatever reasons, including completely illogical ones

Hmm, I had no problems with 100% of the people who want me to help them with computer problems accepting a free webcam. If you have some sort of issue with it, keep it in a drawer.

The screencap idea isn't a bad one, just not easy for ad hoc support. You can't guarantee that one's nearby, but a lot of people with computers have smartphones and can get the screenshot of the error message pretty well. Beats having to spell a long error message screen string, one character at a time, with the dog barking in the background.

I have no idea why you'd think its not easy for ad hoc support. Really? "Hold the camera up so I can see the screen. Okay, type this, click on that, problem solved". 90% of family support questions are "I'm seeing something funny on the screen, I can't describe it...how do I make it go away?".

I guess its not as sexy as full remote control, but as many people have pointed out, that can be hard to set up and use. Some times simple, cheap and effective are all you need...

Re:Simple solution

[Cute+Fuzzy+Bunny]

That has to be one of the stupidest remote support solutions I've ever heard, when you could do a better job just using Skype's free desktop sharing function in a video conference if for some reason TeamViewer scares you off.

I understand how frustrating it is to spend a lot of time thinking up how to make complicated solutions work when a simpler one does as well or better, only most people never thought about it. I also understand that many technical people like to bollux things up so they're the only one that can fix them.

Re:Simple solution

[nitio]

Based on your "solution" I believe you're the webmaster of this site.

Think bootstrap....

[niftymitch]

Start with something quick, commonly used and easy to "get 'er done".
Middle man or not. Even a 30 day evaluation package.

Then load and configure something more to your liking, test it
and unload the first tool.

The alternative is a house call which might be fine.
I would bet you owe the family members involved a visit!

UltraVNC SC

[ComputerInsultant]

I've been using Ultra VNC Single Click http://www.uvnc.com/pchelpware/sc/index.html for years. It only works with Windows, but it is small, open source, and relatively secure.

1 Your support client calls you
2 You open VNC in listen mode
3 Your support client runs a custom version of UltraVNC SC that is set to connect only to you.

Easy. Fast. Cheap. And it works.

Re:UltraVNC SC

[JamesTRexx]

We're looking into using the alternative chunkvnc single click client.
It even works with UAC if you install it as a service after firing it up the first time. Just remember to uninstall/disable it afterwards for security reasons.

TeamViewer

[humanrev]

I'd suggest TeamViewer (http://www.teamviewer.com/)

No, it's not FOSS. But it is free as in beer and it also runs on Windows, OS X and Linux (the Linux build though is technically the Windows build packaged via a Wine bottle, all self contained and preconfigured well though). Sounds like the $-free and cross-platform aspects are probably more important overall to your needs than being open source. Plus you don't have to worry about firewalls or anything - I can even access my home system at my workplace through just the browser, no extra ports except 80.

ssh+vnc works for me

[hawguy]

When I sent my dad a Linux computer because his old Windows machine was taken over by malware (no amount of remote help with running various cleanup tools helped), I set it up to automatically SSH to my home server every 5 minutes and open a tunnel back to his computer desktop's VNC port as well as an SSH port as a fallback.

it came in handy when I had mistyped his home wireless router's WPA key before sending the computer, I just had him plug the computer directly to one of his router's LAN ports, and then I was able to remote in and fix it.

VNC, and primitive OSen

[dougsyo]

VNC, as others have noted, works on lots of platforms (including older ones). You'll have to configure it in their firewall, and I use a non-standard port as well.

Some VNC versions allow a form of access control, but that doesn't help if your IP or IP range changes.

And while I realize that there is an actual cost involved to fix it, letting them stay on primitive hardware and OS is not really helping them. Sadly, "because it still works" is less and less a good reason to keep an old PC running. Not too long ago I was asked to clean up a virus-infested Windows ME box - yes, it still boots ... but it had so little memory that none of the current antiviruses I had available would even run.

Doug

C'mon man!!

VN fucking C... !!!

Is this what slashdot has come to now???

VNC with Chunk

[flappinbooger]

As mentioned elsewhere there are two main commercial solutions - non-foss. Teamviewer and Logmein. Logmein free is legal for commerical purposes and I put it on clients machines when I have them on my bench but it is limited. Teamviewer is just plain awesome but is not free for commercial use and they seem to watch. As is their right.

So the solution is obviously to make your own teamviewer-like solution. After much hairpulling I realized VNC is the answer but I wanted a use-anywhere-help-anyone solution. I then realized I needed a VNC repeater, this is basically what teamviewer et-al do. Otherwise YOU have to be behind a configured firewall.

Chunk VNC (you can google it yourself ;-p) is a project that is imminently doable. I deployed a repeater on my own always-on computer, configured the firewall appropriately, and customized the appropriate files. After some patience I have a totally free and branded remote support solution that requires no more from the client than teamviewer instant-support does. And, it works AS GOOD AS vnc is rightly known for.

Checkride

[Drgnkght]

You might want to check out a program called Checkride. It is an open source program developed in Lazarus. It is basically a preconfigured portable VNC and stunnel package. To use you configure it to connect to your computer and give it to the person you are trying to help. The executable you send them starts VNC server and then connects to your computer via stunnel. Your PC then starts VNC viewer on your side and connects to their desktop via the secure stunnel connection.

Checkride

Teamviewer!

[rbpOne]

It is NOT open source, but is in free as in beer for your use.
It supports Windows, Linux, and OS X.

Teamviewer is very use to use; I worked in IT at a business with about 800-1000 desktops and laptops, and i never experienced the users having trouble with it. They just called support, and it would go "Please click the "Company-Name Support" icon on your dekstop" "OK" "Now tell me your ID" "xxx xxx xxx" "And your newly generated passkey?" "xxxx" and they would be good to go.

I installed it on my grandparents (85 and 82) laptops to ease the time i had to use on helping them, with the laptops. They never had any problems with it.

THE WINNER IS TEAMVIEWER

[jobdrb]

Theres some options, like VNC, Skype, theres a Plugin in pidgin (not sure). But, my option to do same of you want, is Hangout and TeamViewer. Simple and Easy, and free for not comercial use. :)

It's called a security landscape

[Zero__Kelvin]

Don't be ridiculous. The likelihood that a hard disk will die or your house will burn down is far greater than the likelihood that someone will try to break in to the computer of your relatives by exploiting a VNC connection, and even if they do they will be in for quite a let down when they realize that their booty is nada. There are far better ways to compromise a Windows system. Only a moron would forgo those in favor of the "dreaded VNC attack vector" of which you are so afraid.

Re:It's called a security landscape

[hobarrera]

You probably imagine some cracker in his basement snooping your VNC connection.
That's not the usual case. If you leave a VNC server running long enough someone will crack it. And it's bots. Plain old bots, that scan the ports.

It's not some cracker interested in YOU or YOUR communications. It's a botnet trying to add another node. Or something very much alike that.

It's insecure, I talk of experience, I've seen how (in)secure it is.

Re:It's called a security landscape

[Zero__Kelvin]

What hole will they use, because they sure in the hell aren't brute forcing my password.

Re:It's called a security landscape

[Randle_Revar]

Well, I have seen many hard disks die, but I have yet to have someone I know have their house burn down. However I have seen a VNC hack in progress on my brother's HTPC. So it definitely happens, and in my experience, more often than house fires. (After a brief notepad chat session, we took the computer down and reformatted and switched to NX instead of VNC)

Re:It's called a security landscape

[Zero__Kelvin]

"Well, I have seen many hard disks die, but I have yet to have someone I know have their house burn down."

I didn't say it doesn't happen, and you have falsely limited the domain to people you know. That being said attempts may be more prevalent. That doesn't mean successes are.

Teamviewer

I use this commercially, and its a super product. In fact I am duplicating 1 TB across a vpn tunnel on it right now.
Now you may not have noticed, but on the team viewer web site, on the main page is a link for "Join Remote Control Session"
this requires no admin access at all, and is not a installable product. I use this for exactly the case you state. You walk them there
to the website, tell them to click and run that. Then ask for their numbers. Really that is as about as simple as it gets.
This is also the only product my "secure" customers trust. So we plunked down 1400 for a real license after using it for
several months. Great product.

Mikogo

[hobarrera]

Mikogo (www.mikogo.com/) is pretty good. I think it's pretty much what you're looking for, FLOSS and cross-platform.

Re:Mikogo

[skaag]

Sorry but Mikogo is not OSS...!
Look at Dimdim instead.

Re:Mikogo

[skaag]

Ok it seems that Dimdim was acquired by SalesForce...

Re:Mikogo

[niado]

I'll second the Mikogo recommendation. I was looking for a solution for the submitted problem a while back, and Mikogo was the only package I found that was free for any use. It works pretty well with extremely limited involvement from the user and no preparation required.

Re:Mikogo

[hobarrera]

Indeed, it seems mikogo's license has changed at some point. :(

Gitso seems to fit the bill

If you're capable of mapping the ports on your router and setting up a free ddns provider you might want to give Gitso a try.

https://code.google.com/p/gitso/

UltraVNC single click

[eliphas_levy]

UltraVNC Single Click. I have a binary in my public dropbox for all buddies to download and run. Just a matter of starting the listener in my side.
OK, windows-only, but you can make a OSX shell script to do the same thing there; at least you have a full-featured shell.
And for security, UVNC have a DSM plugin, if you don't really care about full compatibility

VPN + VNC

[tdelaney]

1. Set up a secure VPN server at your site. This serves two purposes: getting access to external machines, and security.

OpenVPN is a good one to use, but if you can set up OpenVPN AS either on a Linux box or in a Linux VM you'll make life much simpler for everyone.

2. Set up the people you want to support with VPN access.

3. Set up VNC on their machines. TightVNC running as a service is ideal, but take the following precautions:

a. Set the service to Manual so they have to turn it on each time.

b. Have authentication.

4. Create easily-accessible shortcuts for them to use, and train them to use them.

5. At the start of a support session, get them to connect to the VPN, start the VNC service. You can either get them to tell you the IP address, or look at the currently-active VPN connections.

6. At the end of a support session, get them to shut down the VNC service and disconnect from the VPN.

I've found that even computer neophytes can be trained to do their part, and if they've got a minimal level of skill it's possible to talk them through the initial setup of the VPN and VNC client software. You just need to get them to the point that you can remote control, and then you can lock it down (changing service to Manual, etc).

As simple as that...

[stanlyb]

As you know, in order for you to remotely control any computer, it must have real IP, static IP, whatever IP, or with other words: well known IP. And as you very well know, 99% of your friends (including you) don't have this little feature. The only possible solution to this problem is to have dedicated server, where you could rune your redirector, router, tunneler, you name it. Once you have this server, and he is under your full control, you could use any encryption, any client, any OS.

Re:As simple as that...

False. DynDNS solves the tech side of the IP address issue. Then it's a matter of the lesser-tech side contacting the easy-name the high-tech side setup

TeamViewer...

[LVSlushdat]

For familial tech support I swear by Teamviewer..Its not opensource but for non-commercial use, such as what I use it for, its free. It works on Mac/Linux/Windows AND Android.. I'm in Nevada and I have relatives in San Diego, Sacramento and back in Illinois.. I have Teamviewer installed on everybody and when they need a hand with their systems, I connect up and "look over their shoulders". Since I'm usually on Linux, its fantastic to be able to help them no matter if I'm on Windows or Linux.. Once a cousin gave me a call saying he was having trouble printing, so I teamview'ed from my Android smartphone... Worked fine, and got him going in a few minutes... Can't beat it..

Gitso - you do the hard stuff

Gitso is cross-platform and - get this - you do the "hard stuff" like open ports (easy for you, hard for grandma), your relatives just need to install the program and click a dialog box. That's it. I don't know if it's been updated in the past year or two, but it was extremely promising back in the day.

http://code.google.com/p/gitso/

you need GITSO

[quantic_oscillation7]

http://code.google.com/p/gitso/
.
.
.
.
"Gitso is a frontend to reverse VNC connections. It is meant to be a simple two-step process that connects one person to another's screen. First, the support person offers to give support. Second, the person who needs help connects and has their screen remotely visible. Because Gitso is cross-platform (Linux, OS X and Windows) and uses a reverse VNC connection, it greatly simplifies the process of getting support. "

Gitso

[pheonix7117]

I'll repeat Gitso just because of how useful it is. If you just need visual, Skype's screen-sharing can be invaluable if you already use Skype to communicate.

Teamviwer

[MadX]

Not too sure if you have hear of teamviewer ?

http://www.teamviewer.com/

There are clients for Windows / Linux and Mac ...

ssh? Or

[Weatherlawyer]

This was always a problem with "that" generation. The people in their dotage now, were the same generation that were leaving their IFF on over the whole journey to Germany and back in the early forties.

Apparently they used to think it was "lucky". (Don't ask me why. Apparently when you are stressed-out you start relying on superstition more than logic.)

Fortunately not many of them have survived to become computer users. Or if they did, they got so badly mauled in the 1990's that they gave it all up as a bad job along time ago.

Guacamole HTML5 web app

[sardinha]

If you have a server in your client network, you can test Guacamole. It's web app writen in java that you can easy install on tomcat. You can find all information in http://guac-dev.org/

UltraVNC Single Click.

You all are trying to go at this the wrong way.

You should run a 'listening server' on your end, and send them a VNC single click binary.

http://www.uvnc.com/products/uvnc-sc.html

Single click binary does need to be setup by the admin (Ultra VNC has a webpage that generates the executable, the admin can do anything from having a single entry that just connects to your IP (on the listening server) upto having pretty graphics and customized greeter screens.). Having a dns entry that always points to your domain (johnsupport.dyndns.com in the worst case for example) also makes those single click instances working for quite some time.

I'm quite surprised so little people know about SC, even though VNC is quite well known here.

And again, TeamViewer is nice (albeit closed source) one always has to wonder, why would a company give you such a service, for free. Yes, they also have commercial offerings where there bread and butter comes from I'm sure. So does google/facebook, yet we all know what they really sell.

Re:UltraVNC Single Click.

[Kalriath]

TeamViewer's paid solutions are very expensive, so that's probably why they can afford to have a free version.

Fog Creek Copilot

[Mirvnillith]

https://www.copilot.com/

gitso

[managementboy]

I have been using gitso for a few years now. My mom and sister have an icon called "help me" on the desktop. Thats all that is required.

Re:You've really never heard of autocastration?

You're a filthy nigger. Just shut the fuck up.

Since when has Slashdot suddenly turned into 4chan /b/ ?

Another free as in beer alternative: CrossLoop

[Captain_Chaos]

I see TeamViewer mentioned a lot. Another proprietary but free as in beer alternative is CrossLoop: http://www.crossloop.com/. I have no experience with TeamViewer, but I am very happy with CrossLoop, which is also free for personal use, very easy to use (start it, and read a name and twelve digit code over the phone), automagically punches through NAT routers and firewalls, and is based on VNC under water. They don't have a native client for Linux, but the Windows version runs fine under Wine.

SSL Explorer...

[Pav]

...would have been PERFECT, but strange things seem to have happened to this project. It may still be useful though.

It was purchased and closed sourced, but forked into a project called Adito, which was later renamed to OpenVPN SSH... but looking at this page the project seems to have since languished.

It is a web based VPN with a noob friendly "desktop" on which you can include multiple links to eg. intranet web apps and/or Java apps such as a preconfigured VNC client - it would seem easy enough to fashion a point-and-click solution for what you want to do, even if both "customer" and "support" are remote to the VPN+etc server. NOTHING needs to be installed on client machines (unless you're just using it as a vanilla VPN). It's really a shame that this project seems to have stalled... it had a "wow factor" and it was in the back of my head just waiting for a deployment opportunity.

Re:SSL Explorer...

[Pav]

...and if you want to see why I'm really sad that this project isn't vibrantly being developed see this video.

There isn't one

[dcollins117]

This is an obvious opportunity for a FOSS solution, yet no one sees it. Much more fun to bicker, I guess.

VNC method

[bjs555]

Here's my method:
I put the ultravnc executable and an ini file with my encrypted password into a self-expanding zip file. The zip file also contains a batch file that expands the vnc executable on the remote machine, starts vnc, and makes a reverse connection to my machine. I used the Winzip Self Extractor to which allows a specified program, in this case the batch file that starts vnc and makes a connection to me, to run after extraction. I'm not sure but maybe that's also possible with 7-zip. Then I uploaded the self-expanding zip fle to a website. When a user needs to connect to me, I just tell them to go to the website/self-expanding zip file name.exe. The user gets a prompt asking them if they want to run or save the file. I tell them to click run. Then he gets another prompt telling him that the author of the program is unknown. I tell them to click run again. So the only thing a remote user has to do is go to a website address and click run twice and we're connected.

2-stage SSH with X forwarding

[Sipper]

I'll mention this because it's what I'm doing and I haven't seen anyone else suggest it yet.

What I personally do for remote help is to use SSH with X forwarding directly, without using anything like VNC. I always set up SSH servers on non-default ports and also install fail2ban "just in case" a remote attacker actually finds the SSH servers and tries to brute-force them -- of which no attempt has ever been made so far. [And I can say that because I also set up 'logcheck', tweak logcheck to filter out noise so that it only reports actual issues, and then I actually read the resulting emails it sends.] In addition I also set up a "pre-shared" ssh key with no password and copy the key to the remote router so that the password to log into the router is not passed over the 'net, and also disable root logins. (Okay -- call me paranoid. :-P)

One place I've found with simple instructions for setting up pre-shared ssh keys:
    http://rcsg-gsir.imsb-dsgi.nrc-cnrc.gc.ca/documents/internet/node31.html

And although I know I could do the same thing to log into the user's box through the router via pre-shared keys and ssh-agent forwarding:
      http://unixwiz.net/techtips/ssh-agent-forwarding.html
instead I don't actually bother to do so, and just use a normal ssh password login to the user's box.

Login steps to get to user's box:
      - log in via SSH to the remote router, with X fowarding
          ssh -l (normal_user_username) -X -p (port) (remote_router) # ex: ssh -l mooha -X -p 1022 router.mydomain.com
      - log in via SSH (as a normal user) to the user's box, with X forwarding
      - su to root on user's box
      - su to that user
      - tell the user to quit the program they're having a problem with
      - run the specific program they're having a problem with myself and have a look

Upsides:
    - secure
    - gives user some privacy (can't see their screen)
    - never "take over" the user's mouse
Downsides:
    - can't see the user's screen
    - need to know the actual program name to run, rather than using the menus in the window manager
    - difficult to have a look at "non-application" programs such as desktop widgets (which is usually not a problem)

Enough With The VNC Adulation

VNC was fine ten years ago when nothing better was around, internet connections were slow and RDP required tons of bandwidth. But, VNC has not advanced with the times, the free version not at all. Using VNC, as I do daily, is frustrating to say the least. The Performance is slow and bandwidth utilization is relatively high in spite of the fact that color depth and resolution vaporizes in an attempt to conserve bandwidth. VNC doesn't work well, AT ALL, when UAC pops up, locking the connection which almost never fully recovers. VNC latency is high and increases, sometimes exponentially, over the course of the session.

The fact of the matter is that, compared to Join.me, LogmeIn, GoToMyPC or even RDP, VNC SUCKS ASS! Anyone that argues that point is either a lying apologist or has no experience in the other products.

In my assessment, there are only two advantages to VNC. First it is free and second it is more cross platform that most. But, VNC still sucks ass!

The poster of the Ask Slashdot is looking for that better solution. Something that works as well as these other services(much better than VNC), something that is cross platform, and something that is free. There are a few solutions out there and ironically, some of them are actually based on VNC. But, they have grown and aren't really VNC anymore and they definitely aren't free.

We, need to improve VNC or find a replacement. But, enough with the VNC adulation.

Free Remote support software

I've just discovered a product called Teamviewer and it's free. Works on Linux as well as Linux.

vnc again

[vmerc]

I admit I didn't read every last reply but have you considered uVNC single click? It comes default with an encryption plugin and you simply email the no-install exe to your relative. Or I suppose you could host it on a web site. This app ends itself once the intended helper disconnects. It solves the port problem on the customer side, is secure, and simple. The only caveat is, it's windows only.

rdesktop will work for Win from Linux

[whitroth]

The admin who recently left used it all the time to get to Windows servers, etc. It's a std. package under RHEL/CentOS, installable with yum.

              mark

UltraVNC Single Click

http://www.uvnc.com/products/uvnc-sc.html

I've been using this for years to support remote users..

Safe and fast

[juliuszs]

I tend to use OpenVPN for the encryption / privacy and rdesktop to connect to Windows. I don't have to play with Macs anymore, but I used the sshd and the standard X session. It worked well enough.

Another dumb noob question

Where's the Slashdot for non-noobs?

I'm getting sick and tired of all of these grade 3 computer class questions. Use google people. Do some fucking research and stop relying on us to do it for you.

ChunkVNC-ish

[mcrbids]

I hacked up ChunkVNC and SSVNC (for Mac support) with some scripts in order to provide a remote support solution for our clients. It's smooth enough to work reasonably well about 95% of the time, failing the last for various reasons. (firewall? permissions? who knows, it's different in each situation) We have a (somewhat expensive) shared account for LogMeIn as a fallback position when the VNC solution doesn't work out.

It's a bit inelegant with respect to how it handles UAC prompts (it doesn't at all) which results in need for annoyingly common manual reconnects, and the default viewer is Windows-Only, although I hacked up ssvnc to work on Linux for my needs.

Most of the scripting is very situation-specific. I've considered offering it as a very low cost service, but there are enough issues that I haven't really wanted to bother with the tech support hassle it would cause me.

Already Failed...

[IBitOBear]

Since your relative's most likely problem is "I can't get to my internets", any solution that involves them going to a web page or whatever is doomed to fail.

Your best bet is to get your friends and family to not think of you as tech support. /doh... (really made my life easier 8-)

The reversed (server-calls-dispay) vnc thing works well enough.

Set up a VPN host at your place and VPN clients on their machines and then just "have that on"...

You could put Xen under windows and support Windows and Linux (no joy for OSX of course).

Firewall rules to filter out brute forcers on your host (but let you have up to 5 SSH sessions from each/any one host per hour):
iptables --new-chain SSHTHROTTLE
iptables --append SSHTHROTTLE --match recent --name bad_actors --update --jump DROP
iptables --append SSHTHROTTLE --match hashlimit --hashlimit-name ssh_throttle --hashlimit-upto 5/hour --hashlimit-mode srcip --hashlimit-burst 2 --jump ACCEPT # or --jump RETURN if you have other rules to check on this link
iptables --append SSHTHROTTLE --match recent --name bad_actors --set --jump DROP
iptables --append INPUT --in-interface (external_interface) --proto tcp --match state --state NEW --dport 22 --syn --jump SSHTHROTTLE

OLD and RELIABLE != BROKEN

[IBitOBear]

Your assertion that the poster was looking for a "better" solution (than VNC) is false, as he didn't say that.

You don't like VNC. I get that.

Doesn't make it a bad choice just because you don't like it.

Now leaving the VNC server running bare on the internet is bad, but that was handled elsewere by talking about reversing the link direction etc. That windows UAC is crap is sad, yes. But the fact that people need to turn to their family when their household appliances fail them (and Windows is a houshold appliance at this point) is sad as well.

Re:OLD and RELIABLE != BROKEN

[GPLHost-Thomas]

Doesn't make it a bad choice just because you don't like it.

That's completely right. But it's still a bad choice because ... of all the points he exposed!

Routers & port forwarding required for VNC

[johnrpenner]

you may be able to get a clueless user to launch VNC server in under ten minutess of painful explanation..

but to then be able to talk a clueless user through how to enable port forwarding for port 5900 to their router IP on any given router they may happen to have.. over the phone... i have done it, but it was more than painful -- get them to find out the router ip; get them to type it into browser. pray they havent lost the posty w the router admin password.. no not the wifi password. ok, i found you a list of default router passwords.. yess hold the paperclip for 30 seconds.. login (half hour later).. okay, send me a screenshot of the router's webpage, instruct them how to do a screenshot over the phone (cmd shift 3.. no, dont hold the 3...!!).. instruct them how to attach a file to their yahoo mail.. email it to me.. half hour later.. okay, now we know what youre seeing, do blah blah blah to enable port forwarding of port 5900 to your ip, and click apply.. back to finding, downloading and installing vnc server, because youre still running osx 10.4..!?! another half hour. great.. types password, and we're in -- good, now i can install that scanner driver that was hanging on you because you tried to install the version for snow leopard.. :-%

it is truly niave to think you can talk a clueless user through setting up vnc and enabling port forwarding over the phone if you havent previously been there yourself in person to setup the session.

2cents from toronto island
jp

not open source but it works

Now I normally don't check comment, but check out GoToAssist:

http://www.gotoassist.com

It works and is way easy for them to setup for you to have access remotely. It works through nat firewalls as well and is secure.

And it is designed for tech support as well.

If you insist on open source, it's not gonna be as easy to setup.

ChunkVNC

ChunkVNC, you can even edit the autoit scripts to your linking.

plop in the latest compiler execs from autoIT and the latest exes from the ultravnc project and it'll less likely trip up on antivirus programs. (they see something self extracting and has zero reputation, they freak out on it.

FreeNX / Nomachine

[Nuuul]

Try FreeNX / Nomachine: http://www.nomachine.com/ It's in the Debian/Ubuntu repository as well. Used/using it often to use a X display over a SSH tunnel: more secure and better performance than VNC over SSH.

*SSH*

[DrYak]

forget about explaining VNC to the relative.
As stated above, you'll already be running SSHD for encryption purpose (and tunneling purposes too).

So why not also use the SSHD remote CLI capabilities and launche VNC yourself?

The only thing now is getting SSHD running:
- with suffisent login security (accepts encryption keys only, no passwords allowed), it can simply be left running.

If behind a problematic firewall, use something like autossh to have a SSH-link acting as a reverse tunnel. As long as the security is sufficient (encryptions keys, your SSH server doesn't allow much beyond reverse tunnels: no remote CLI, etc.) it will be decent too.

If the user isn't that much clueless, a link automating the tunnel setup (and optionally launching VNC) can be left in a useful place (pinned to the Windows 7 dock).